What is CVE-2025-65104?

CVE-2025-65104 is a high-severity vulnerability in Firebirdsql Firebird, classified under Information Disclosure. CVSS score: 7.9/10. Published 2026-04-17.

How severe is CVE-2025-65104?

High severity. CVSS v3 base score is 7.9 out of 10.

Information disclosure in Firebirdsql Firebird

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak…

Vulnerability class: Information Disclosure

EPSS: 0.000 (9.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.9 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L.

Affected products

Firebirdsql Firebird — versions < 4.0.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg (x_refsource_CONFIRM)
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-65104?: CVE-2025-65104 is a high-severity vulnerability in Firebirdsql Firebird, classified under Information Disclosure. CVSS score: 7.9/10. Published 2026-04-17.
How severe is CVE-2025-65104?: High severity. CVSS v3 base score is 7.9 out of 10.